Archive for the ‘Software’ Category

Apache – No hotlinking

Monday, March 24th, 2008


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domena\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domena\.net/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(wmv|wma|asf|asx|mpg|mpeg|mp3|avi|mov|swf|dcr)$ [L]

Približno tako bi zgledalo, čeprav nisem zadeve sprobal Smile .

Tags: , ,
Posted in Software, Web | No Comments »

.htaccess in avtorizacija 2

Thursday, August 9th, 2007

Zaščitimo samo eno datoteko:
<Files login.php>AuthName "htaccess password prompt"
AuthType Basic
AuthUserFile /home/askapache.com/.htpasswd
Require valid-user</Files>

Več datotek (končnice):
<FilesMatch "^(exec|env|doit|phpinfo|w)\.*$">AuthName "htaccess password prompt"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user</FilesMatch>

Dovolimo samo določenim IPjem:
Allow from 1.1.0.0/255.255.0.0
Allow from 1.1.2.3
Allow from 192.168.1.100 192.168.1.200

(Ne)Dovolimo dostopa preko (pod)domen:
Order Allow,Deny
Allow from apache.org
Deny from wireshark.apache.org

Posted in Software | No Comments »

HTTP headers in .htaccess

Thursday, August 9th, 2007

Onemogočimo medpomnjenje:
<FilesMatch "\.(html|htm|js|css)$">
Header set Cache-Control "max-age=0, no-cache, no-store, private"
Header set Pragma "no-cache"
Header set Expires "0"
</FilesMatch>
Dodajanje P3P Privacy Headers
Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"NOI DSP COR NID CUR ADM DEV OUR BUS\""
ali
Header set P3P "policyref=\"/w3c/p3p.xml\""
Določanje Charseta in jezika v htaccess:
<Files ~ "\.(htm|html|css|js)$">
AddDefaultCharset UTF-8
DefaultLanguage en-US
</Files>

Posted in Software | No Comments »

Še Apacheja …

Thursday, August 9th, 2007

Kako oenmogočimo dostop do .htaccess datotek:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
Lastne “strani z napakami”:

ErrorDocument 400 /nekaj/e400.php
ErrorDocument 401 /nekaj/e401.php
ErrorDocument 403 /nekaj/e403.php

Posted in Software | No Comments »

Avtorizacija s .htaccess

Thursday, August 9th, 2007

Dokumentacija spletnega strežnika Apache: 1.3 | 2.0 | 2.2 | Trenutna verzija

Seznam modulov ki se (lahko) uporabljajo za avtorizacijo:

LoadModule access_module lib/modules/mod_access.so
LoadModule auth_module lib/modules/mod_auth.so
LoadModule auth_anon_module lib/modules/mod_auth_anon.so
LoadModule auth_dbm_module lib/modules/mod_auth_dbm.so
LoadModule auth_digest_module lib/modules/mod_auth_digest.so

Zaščita direktorija:
Datoteka: .htaccess
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /path/to/htpwd/.htpasswd
Require valid-user

Seveda ne pozabite chmodati .htaccess datoteke na 644 in .htpasswd na 640. Preverite tudi če je v httpd.conf med in , tale vrstica: AllowOverride AuthConfig. Opomba .htpasswd lahko zgenerirate tudi online in sicer tukaj.

Pa še ne primer z moje strani:

Options Indexes FollowSymLinks
AuthType Basic
AuthName “Admin”
AuthUserFile /hosting/nekaj/senekaj/.htpasswd
<limit>
order allow,deny
allow from all
require valid-user
</limit>

Posted in Software | No Comments »